Source-Changes-HG archive
[src/netbsd-3]: src/sys/kern Pull up revision 1.91 (requested by elad in tick...
details: https://anonhg.NetBSD.org/src/rev/91412a0064ad
branches: netbsd-3
changeset: 576370:91412a0064ad
user: tron <tron%NetBSD.org@localhost>
date: Sat Jul 02 15:51:06 2005 +0000
description:
Pull up revision 1.91 (requested by elad in ticket #487):
More veriexec changes:
- Better organize strict level. Now we have 4 levels:
- Level 0, learning mode: Warnings only about anything that might've
resulted in 'access denied' or similar in a higher strict level.
- Level 1, IDS mode:
- Deny access on fingerprint mismatch.
- Deny modification of veriexec tables.
- Level 2, IPS mode:
- All implications of strict level 1.
- Deny write access to monitored files.
- Prevent removal of monitored files.
- Enforce access type - 'direct', 'indirect', or 'file'.
- Level 3, lockdown mode:
- All implications of strict level 2.
- Prevent creation of new files.
- Deny access to non-monitored files.
- Update sysctl(3) man-page with above. (date bumped too :)
- Remove FINGERPRINT_INDIRECT from possible fp_status values; it's no
longer needed.
- Simplify veriexec_removechk() in light of new strict level policies.
- Eliminate use of 'securelevel'; veriexec now behaves according to
its strict level only.
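To make the level matrix above concrete, the following is a small userspace model of the two vn_open() decisions this patch adds (new-file creation, write to a monitored file), evaluated at each of the four strict levels. It is an added example, not NetBSD code: the FINGERPRINT_* names, the strict-level thresholds and the "monitored means it has a table entry" rule come from the hunks and the message above; the struct layout, the REQ_* flags standing in for FREAD/FWRITE/O_CREAT/O_TRUNC, the decide()/reports() wrappers, and what veriexec_verify() does on a fingerprint mismatch or a missing entry (the diff does not show its body) are assumptions taken from the level descriptions.

```c
/*
 * Userspace model of the Veriexec decisions vn_open() makes after this
 * change.  Added example, not NetBSD source: the strict levels and the
 * two checks follow the commit message and the hunks; the struct layout,
 * enum values, REQ_* flags and the "reported" field are assumptions made
 * here so the model builds with any C compiler.
 */
#include <errno.h>
#include <stdio.h>

/* fp_status names are from the diff; the numeric values are assumed.  Any
 * status other than "no entry" is modelled as VALID plus fp_mismatch. */
enum fp_status { FINGERPRINT_NOENTRY = 0, FINGERPRINT_VALID = 1 };

/* Stand-ins for the kernel's FREAD, FWRITE, O_CREAT and O_TRUNC bits. */
enum { REQ_READ = 1, REQ_WRITE = 2, REQ_CREAT = 4, REQ_TRUNC = 8 };

struct open_req {
	int exists;               /* namei() found the name (ndp->ni_vp != NULL) */
	int flags;                /* REQ_* bits */
	enum fp_status fp_status; /* what the veriexec table says about the file */
	int fp_mismatch;          /* veriexec_verify() would find a bad fingerprint */
};

struct decision {
	int error;                /* 0, ENOENT or EPERM */
	int reported;             /* printf()/veriexec_report() would have fired */
};

static struct decision
veriexec_vn_open(const struct open_req *r, int strict)
{
	struct decision d = { 0, 0 };

	if (!r->exists) {
		if (!(r->flags & REQ_CREAT)) {
			d.error = ENOENT;  /* namei() fails; Veriexec never runs */
		} else if (strict >= 3) {
			d.reported = 1;    /* lockdown: prevent creation of new files */
			d.error = EPERM;
		}
		return d;              /* a fresh file has no entry; nothing else to check */
	}

	/* veriexec_verify() now runs for every existing vnode (VREG guard removed). */
	if (r->fp_status == FINGERPRINT_NOENTRY) {
		if (strict >= 3) {
			d.reported = 1;    /* lockdown: deny access to non-monitored files */
			d.error = EPERM;
			return d;
		}
	} else if (r->fp_mismatch) {
		d.reported = 1;        /* learning mode only warns ... */
		if (strict >= 1) {     /* ... IDS mode and above deny */
			d.error = EPERM;
			return d;
		}
	}

	/* Write path: a file with any table entry is "monitored". */
	if ((r->flags & (REQ_WRITE | REQ_TRUNC)) &&
	    r->fp_status != FINGERPRINT_NOENTRY) {
		d.reported = 1;        /* "Write access request." alarm at every level */
		if (strict >= 2)       /* IPS mode: deny writing to monitored files */
			d.error = EPERM;
	}
	return d;
}

/* Flat wrappers so one request can be queried at a given strict level. */
static int
decide(int exists, int flags, enum fp_status st, int mismatch, int strict)
{
	struct open_req r = { exists, flags, st, mismatch };
	return veriexec_vn_open(&r, strict).error;
}

static int
reports(int exists, int flags, enum fp_status st, int mismatch, int strict)
{
	struct open_req r = { exists, flags, st, mismatch };
	return veriexec_vn_open(&r, strict).reported;
}

int
main(void)
{
	/* Constructed scenarios, one per branch of the model above. */
	static const struct { const char *name; struct open_req req; } cases[] = {
		{ "O_CREAT of a new file",    { 0, REQ_WRITE | REQ_CREAT, FINGERPRINT_NOENTRY, 0 } },
		{ "read monitored, intact",   { 1, REQ_READ,  FINGERPRINT_VALID,   0 } },
		{ "read monitored, tampered", { 1, REQ_READ,  FINGERPRINT_VALID,   1 } },
		{ "write monitored",          { 1, REQ_WRITE, FINGERPRINT_VALID,   0 } },
		{ "O_TRUNC monitored",        { 1, REQ_TRUNC, FINGERPRINT_VALID,   0 } },
		{ "read unmonitored",         { 1, REQ_READ,  FINGERPRINT_NOENTRY, 0 } },
	};
	size_t i;
	int lvl;

	printf("%-28s level0  level1  level2  level3\n", "request");
	for (i = 0; i < sizeof cases / sizeof cases[0]; i++) {
		printf("%-28s", cases[i].name);
		for (lvl = 0; lvl <= 3; lvl++) {
			struct decision d = veriexec_vn_open(&cases[i].req, lvl);
			printf(" %-7s", d.error == EPERM ? "EPERM" : d.reported ? "warn" : "ok");
		}
		printf("\n");
	}
	return 0;
}
```

Build with `cc -o veriexec_model veriexec_model.c` and run it; the matrix it prints shows the point of the reorganisation: a write to a monitored file is alarmed at every level but only refused from level 2 up, so at level 1 the write goes through and it is the resulting fingerprint mismatch on the next open that IDS mode denies, while level 3 is the only one that touches files with no table entry at all.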
diffstat:
sys/kern/vfs_vnops.c | 42 ++++++++++++++++++++++++------------------
1 files changed, 24 insertions(+), 18 deletions(-)
diffs (95 lines):
diff -r a1f0cdda2179 -r 91412a0064ad sys/kern/vfs_vnops.c
--- a/sys/kern/vfs_vnops.c Sat Jul 02 15:50:08 2005 +0000
+++ b/sys/kern/vfs_vnops.c Sat Jul 02 15:51:06 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: vfs_vnops.c,v 1.86.2.2 2005/06/13 22:09:09 tron Exp $ */
+/* $NetBSD: vfs_vnops.c,v 1.86.2.3 2005/07/02 15:51:06 tron Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1993
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vfs_vnops.c,v 1.86.2.2 2005/06/13 22:09:09 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_vnops.c,v 1.86.2.3 2005/07/02 15:51:06 tron Exp $");
#include "fs_union.h"
@@ -96,7 +96,7 @@
struct nameidata *ndp;
int fmode, cmode;
{
- struct vnode *vp;
+ struct vnode *vp = NULL; /* XXXGCC */
struct mount *mp;
struct proc *p = ndp->ni_cnd.cn_proc;
struct ucred *cred = p->p_ucred;
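Review bot: the `vp = NULL` initializer is tagged `/* XXXGCC */` as though it only silenced a compiler warning, but the lockdown check added in the next hunk genuinely does `goto bad` before `vp` is assigned from `ndp->ni_vp`, so `bad:` can now be reached with `vp == NULL`. Make sure whatever release `bad:` performs on `vp` tolerates a NULL vnode, and word the comment to say that this path exists rather than blaming gcc.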
@@ -122,6 +122,20 @@
if ((error = namei(ndp)) != 0)
return (error);
if (ndp->ni_vp == NULL) {
+#ifdef VERIFIED_EXEC
+ /* Lockdown mode: Prevent creation of new files. */
+ if (veriexec_strict >= 3) {
+ VOP_ABORTOP(ndp->ni_dvp, &ndp->ni_cnd);
+
+ printf("Veriexec: vn_open: Preventing "
+ "new file creation in %s.\n",
+ ndp->ni_dirp);
+
+ error = EPERM;
+ goto bad;
+ }
+#endif /* VERIFIED_EXEC */
+
VATTR_NULL(&va);
va.va_type = VREG;
va.va_mode = cmode;
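Review bot: this denial is silent below strict level 3, whereas the write-denial hunk later in this patch calls veriexec_report() at every level and only sets EPERM at `veriexec_strict >= 2`. The commit message defines level 0 as warning about anything a higher level would deny, so the creation attempt should be reported unconditionally here and refused only when `veriexec_strict >= 3`. Going through veriexec_report() would also remove the raw `printf("... %s", ndp->ni_dirp)`, the same argument the next hunk still marks with "XXX may need pathbuf instead". Separately, VOP_ABORTOP() only discards the pathname state: the directory vnode `ndp->ni_dvp` that namei() returned for the create case is still held when this path jumps to `bad:`, which knows only about `vp` (still NULL at this point); confirm that `bad:` releases `ni_dvp`, or release it before the jump, otherwise a lockdown-mode create attempt leaks a locked directory vnode.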
@@ -182,16 +196,15 @@
if ((fmode & O_CREAT) == 0) {
#ifdef VERIFIED_EXEC
- /* XXX may need pathbuf instead */
- if ((vp->v_type == VREG) &&
- ((error = veriexec_verify(p, vp, &va, ndp->ni_dirp,
- VERIEXEC_FILE)) != 0))
+ /* XXX may need pathbuf instead */
+ if ((error = veriexec_verify(p, vp, &va, ndp->ni_dirp,
+ VERIEXEC_FILE)) != 0)
goto bad;
#endif
+
if (fmode & FREAD) {
if ((error = VOP_ACCESS(vp, VREAD, cred, p)) != 0)
goto bad;
-
}
if (fmode & (FWRITE | O_TRUNC)) {
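Review bot: dropping the `vp->v_type == VREG` guard sends directories, device nodes, FIFOs and sockets through veriexec_verify() as well. That is what lockdown's "deny access to non-monitored files" needs, but check that veriexec_verify() itself refuses to compute a fingerprint over a non-regular vnode (reading a FIFO or a device to hash it would block or consume data) and decides on table membership alone for those types; if that guard lives there, a one-line comment here pointing to it would replace the one this hunk removes. The "XXX may need pathbuf instead" comment is only re-indented; since `ndp->ni_dirp` is now also being printed directly in the creation hunk, this is the moment to resolve it rather than carry it forward.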
@@ -203,22 +216,15 @@
(error = VOP_ACCESS(vp, VWRITE, cred, p)) != 0)
goto bad;
#ifdef VERIFIED_EXEC
- /*
- * If file has a fingerprint then
- * deny the write request, otherwise
- * invalidate the status so we don't
- * keep checking for the file having
- * a fingerprint.
- */
- if ((vp->fp_status == FINGERPRINT_VALID) ||
- (vp->fp_status == FINGERPRINT_INDIRECT)) {
+ if (vp->fp_status != FINGERPRINT_NOENTRY) {
veriexec_report("Write access request.",
ndp->ni_dirp, &va, p,
REPORT_NOVERBOSE,
REPORT_ALARM,
REPORT_NOPANIC);
- if (veriexec_strict > 0) {
+ /* IPS mode: Deny writing to monitored files. */
+ if (veriexec_strict >= 2) {
error = EPERM;
goto bad;
} else {
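Review bot: `fp_status != FINGERPRINT_NOENTRY` is broader than the `VALID || INDIRECT` test it replaces: any status other than "no entry", including an entry whose fingerprint has not been evaluated yet or has already failed, now raises the write alarm and, at `veriexec_strict >= 2`, returns EPERM. That matches the commit message's notion of "monitored files", but the block comment explaining the intent was deleted together with the old condition; keep a one-line comment stating that having a table entry, not a successful evaluation, is what makes a file monitored. Note that at strict level 1 the write is reported but allowed, so the fingerprint mismatch it produces is what IDS mode catches on the next verify; that is worth a sentence in the sysctl(3) text. The `else` branch (previously documented as invalidating the status) is cut off after `} else {` in this hunk and cannot be reviewed from what is shown.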